### Local Development Setup and Testing

Source: https://github.com/runwhen-contrib/runwhen-local/blob/main/README.md

Steps for setting up a local development environment using Poetry, installing dependencies, activating the virtual environment, and running tests. This is an alternative to using the dev container.

```bash
git clone https://github.com/YOUR-USERNAME/runwhen-local.git
cd runwhen-local
cd src
pip install poetry
poetry install
poetry shell
python tests.py
# Start developing!
```

--------------------------------

### Install RunWhen Local with Local Python

Source: https://github.com/runwhen-contrib/runwhen-local/blob/main/README.md

Follow these steps to clone the repository, install dependencies using Poetry, and run the workspace builder for a local Python installation.

```bash
# Clone the repository
git clone https://github.com/runwhen-contrib/runwhen-local.git
cd runwhen-local/src

# Install dependencies using Poetry
pip install poetry
poetry install

# Make the run script executable
chmod +x run.sh

# Run the workspace builder
./run.sh
```

--------------------------------

### Robot Framework Multi-Environment Setup

Source: https://github.com/runwhen-contrib/runwhen-local/blob/main/docs/cloud-discovery-configuration/google-cloud-platform-expanded.md

Example Robot Framework test case demonstrating how to import secrets for different GKE clusters in production and staging environments, then use `kubectl` with specific kubeconfig files.

```robotframework
*** Test Cases ***
Multi Environment Example
    # Production environment
    Import Secret    prod_gke_kubeconfig    # gcp:sa@kubeconfig:prod-cluster/us-east1

    # Staging environment
    Import Secret    staging_gke_kubeconfig    # gcp:sa@kubeconfig:staging-cluster/us-west1

    # Use different clusters
    Shell    kubectl --kubeconfig=${prod_gke_kubeconfig} get nodes
    Shell    kubectl --kubeconfig=${staging_gke_kubeconfig} get nodes
```

--------------------------------

### Install Docker Buildx Plugin

Source: https://github.com/runwhen-contrib/runwhen-local/blob/main/deploy/scripts/registry-sync/AWS_ECS_README.md

If the buildx command is not found, use this command to install the Docker buildx plugin.

```bash
docker buildx install
```

--------------------------------

### Example Configuration for AWS ECR Sync

Source: https://github.com/runwhen-contrib/runwhen-local/blob/main/deploy/scripts/registry-sync/AWS_ECS_README.md

This is an example of the `my_config.sh` file. Edit these variables with your specific registry, region, Helm values files, and image details.

```bash
# AWS ECR Registry URL
private_registry="123456789012.dkr.ecr.us-west-2.amazonaws.com"

# AWS Region
aws_region="us-west-2"

# Helm values files
values_file="sample_values.yaml"
new_values_file="updated_values.yaml"

# Images to sync
runwhen_local_images='[
  {
    "repository_image": "ghcr.io/runwhen-contrib/runwhen-local",
    "destination": "runwhen/runwhen-local",
    "helm_key": "runwhenLocal"
  }
]'
```

--------------------------------

### Hierarchy Structure Example

Source: https://github.com/runwhen-contrib/runwhen-local/blob/main/docs/tag-hierarchy-contract.md

Illustrates the standard ordered YAML list structure for hierarchies, starting with the platform, followed by parent scopes, and ending with resource_name.

```yaml
platform → parent scopes → resource_name
```

--------------------------------

### Example Watcher Logs

Source: https://github.com/runwhen-contrib/runwhen-local/blob/main/docs/configuration/file-watching-configuration.md

Observe the startup logs to confirm which files are being watched and their status.

```log
File watcher enabled with inclusive watch list...
  ✓ /shared/workspaceInfo.yaml (found)
  ✓ /shared/uploadInfo.yaml (found)
  ✗ /shared/my-config.yaml (not found)
Monitoring 2 file(s) from watch list for changes
```

--------------------------------

### Helm Deploy with Ingress Configuration

Source: https://github.com/runwhen-contrib/runwhen-local/blob/main/docs/installation/kubernetes_standalone.md

Example Helm installation command to set up an ingress object for RunWhen Local. This configuration includes settings for ingress-nginx, cert-manager, and external-dns, along with host and port details.

```bash
hostname="runwhen-local.sandbox.runwhen.com"
# tls-acme is the boolean annotation (kept a string with --set-string);
# cluster-issuer carries the issuer name. Dots inside annotation keys are escaped
# so Helm does not split them into nested keys.
helm install runwhen-local runwhen-contrib/runwhen-local -n $namespace \
  --set ingress.enabled=true \
  --set-string ingress.annotations."kubernetes\.io/tls-acme"=true \
  --set ingress.annotations."cert-manager\.io/cluster-issuer"=letsencrypt-prod \
  --set ingress.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=${hostname} \
  --set ingress.className="ingress-nginx" \
  --set ingress.hosts[0].host=${hostname} \
  --set ingress.hosts[0].paths[0].backend.service.name="runwhen-local" \
  --set ingress.hosts[0].paths[0].backend.service.port.number=8081 \
  --set ingress.hosts[0].paths[0].path="/" \
  --set ingress.hosts[0].paths[0].pathType="Prefix" \
  --set ingress.tls[0].hosts[0]=${hostname} \
  --set ingress.tls[0].secretName="runwhen-local-tls"
```

--------------------------------

### Copy and Edit Configuration File

Source: https://github.com/runwhen-contrib/runwhen-local/blob/main/deploy/scripts/registry-sync/AWS_ECS_README.md

Copy the example configuration file and edit it with your specific settings before running the sync script.

```bash
# Copy the example configuration
cp aws_ecr_example_config.sh my_config.sh

# Edit the configuration with your settings
nano my_config.sh
```

--------------------------------

### Helm Installation with Proxies and TLS

Source: https://github.com/runwhen-contrib/runwhen-local/blob/main/docs/installation/kubernetes_self_hosted_runner/README.md

Install RunWhen Local with the runner enabled, configuring proxy settings and TLS certificates. This is for environments requiring network proxy access.

```bash
namespace=
workspace=

helm repo add runwhen-contrib https://runwhen-contrib.github.io/helm-charts
helm repo update
# The noProxy lists are single-quoted so the shell does not execute
# $(KUBERNETES_SERVICE_HOST), and their commas are escaped for --set.
helm install runwhen-local runwhen-contrib/runwhen-local \
  --set workspaceName=$workspace \
  --set proxy.enabled=true \
  --set proxy.httpProxy= \
  --set proxy.httpsProxy= \
  --set proxy.noProxy='127.0.0.1\,localhost\,$(KUBERNETES_SERVICE_HOST)\,pushgateway' \
  --set proxyCA.key= \
  --set proxyCA.secretName= \
  --set runner.runEnvironment.proxy.noProxy='127.0.0.1\,localhost\,$(KUBERNETES_SERVICE_HOST)\,pushgateway' \
  --set grafana-agent.agent.mounts.extra[1].mountPath=/etc/ssl/certs/proxy-ca.crt \
  --set grafana-agent.agent.mounts.extra[1].name=proxy-ca-volume \
  --set grafana-agent.agent.mounts.extra[1].readOnly=true \
  --set grafana-agent.agent.mounts.extra[1].subPath=proxy-ca.crt \
  --set grafana-agent.controller.volumes.extra[1].name=proxy-ca-volume \
  --set grafana-agent.controller.volumes.extra[1].secret.items[0].key=ca.crt \
  --set grafana-agent.controller.volumes.extra[1].secret.items[0].path=proxy-ca.crt \
  --set grafana-agent.controller.volumes.extra[1].secret.secretName= \
  --set runner.enabled=true \
  -n $namespace
```

--------------------------------

### Full Azure DevOps Discovery Scope Example

Source: https://github.com/runwhen-contrib/runwhen-local/blob/main/examples/azure-devops/README.md

A comprehensive example demonstrating project filtering, resource type toggles, and per-project overrides for Azure DevOps discovery.

```yaml
cloudConfig:
  azure:
    devops:
      organizationUrl: "https://dev.azure.com/your-organization"
      patSecretName: "azure-devops-pat"
      scope:
        includeProjects:
          - "team-alpha-.*"
          - "shared-services"
        excludeProjects:
          - ".*-sandbox"
        resourceTypes:
          repositories: true
          pipelines: true
          releases: false
        projectOverrides:
          - projects: ["shared-services"]
            resourceTypes:
              repositories: true
              pipelines: false
              releases: false
```

--------------------------------

### Run RunWhen Local with Docker

Source: https://github.com/runwhen-contrib/runwhen-local/blob/main/docs/installation/getting_started-running_locally.md

Starts the RunWhen Local container using Docker, mapping the shared volume and exposing the necessary port. Ensure Docker is installed and running.

```bash
docker run --name RunWhenLocal -p 8081:8081 -v $workdir/shared:/shared -d ghcr.io/runwhen-contrib/runwhen-local:latest
```

--------------------------------

### Run Workspace Builder with Local Installation

Source: https://github.com/runwhen-contrib/runwhen-local/blob/main/README.md

Executes the runwhen-local builder using a local installation by navigating to the 'src' directory and running the 'run.sh' script. This method is an alternative to using Docker.

```bash
# Using local installation
cd src && ./run.sh
```

--------------------------------

### Testing Multi-Kubeconfig Setup

Source: https://github.com/runwhen-contrib/runwhen-local/blob/main/docs/kubernetes-lod-quick-reference.md

Command to run tests for a multi-kubeconfig setup within the project's test directory.

```bash
cd .test/k8s/basic
task test-multi-kubeconfig
```

--------------------------------

### Legacy Secrets Configuration Example

Source: https://github.com/runwhen-contrib/runwhen-local/blob/main/docs/cloud-discovery-configuration/aws-workspace-key-reference.md

Example of providing AWS credentials using a legacy workspaceKey format.

```yaml
secretsProvided:
  - name: aws_credentials
    workspaceKey: "legacy:format@secret"
```

--------------------------------

### GKE Cluster Configuration

Source: https://github.com/runwhen-contrib/runwhen-local/blob/main/docs/cloud-discovery-configuration/google-cloud-platform-expanded.md

Example workspaceInfo.yaml demonstrating how to configure a GKE cluster, including project ID, service account, and cluster details.

```yaml
# Example workspaceInfo.yaml with GKE cluster configuration
workspaceName: "gke-workspace"
workspaceOwnerEmail: "team@example.com"
defaultLocation: "location-01"
defaultLOD: "detailed"

cloudConfig:
  gcp:
    projects: ["my-production-project"]
    saSecretName: "gcp-production-sa"

custom:
  gke_clusters:
    production:
      name: "production-gke"
      cluster_type: "gke"
      project_id: "my-production-project"
      zone: "us-central1-a"
      region: "us-central1"
      auth_type: "gcp_service_account"
      auth_secret: "gcp-production-sa"
```

--------------------------------

### Basic namespaceLODs with AKS

Source: https://github.com/runwhen-contrib/runwhen-local/blob/main/docs/aks-namespacelods-support.md

Configure basic namespace LOD settings for AKS clusters. This example shows a simple setup with a single AKS cluster.

```yaml
workspaceName: "my-aks-workspace"
workspaceOwnerEmail: "admin@company.com"
defaultLocation: "location-01"
defaultLOD: "basic"

cloudConfig:
  kubernetes:
    kubeconfigFile: /shared/kubeconfig
    # Now works with AKS clusters!
    namespaceLODs:
      production: "detailed"    # Production gets detailed monitoring
      staging: "basic"          # Staging gets basic monitoring
      development: "basic"      # Development gets basic monitoring
      kube-system: "none"       # System namespaces excluded
      kube-public: "none"
      kube-node-lease: "none"
  azure:
    aksClusters:
      autoDiscover: false
      clusters:
        - name: my-aks-cluster
          server: https://my-aks.hcp.eastus.azmk8s.io:443
          resource_group: my-rg
          subscriptionId: my-subscription-id
          defaultNamespaceLOD: basic  # Fallback for unlisted namespaces
```

--------------------------------

### Install RunWhen Local with Helm

Source: https://github.com/runwhen-contrib/runwhen-local/blob/main/docs/installation/kubernetes_standalone.md

Use this command to add the RunWhen Contrib Helm chart repository and install the runwhen-local release into the specified namespace.

```bash
kubectl create ns $namespace
helm repo add runwhen-contrib https://runwhen-contrib.github.io/helm-charts
helm repo update
helm install runwhen-local runwhen-contrib/runwhen-local -n $namespace --set workspaceName=$workspace
```

--------------------------------

### Helm Installation of RunWhen Local with Runner

Source: https://github.com/runwhen-contrib/runwhen-local/blob/main/docs/installation/kubernetes_self_hosted_runner/README.md

Use this command to install RunWhen Local with the self-hosted runner enabled. Ensure you set the correct namespace and workspace name.

```bash
namespace=
workspace=

helm repo add runwhen-contrib https://runwhen-contrib.github.io/helm-charts
helm repo update
helm install runwhen-local runwhen-contrib/runwhen-local \
  --set workspaceName=$workspace \
  --set runner.enabled=true \
  -n $namespace
```

--------------------------------

### ConfigProvided Overrides Example

Source: https://github.com/runwhen-contrib/runwhen-local/blob/main/README.md

Example of a workspaceInfo.yaml file demonstrating how to use configProvided overrides to customize template variables for a code bundle.

```yaml
# workspaceInfo.yaml
overrides:
  codebundles:
    - repoURL: "https://github.com/runwhen-contrib/rw-cli-codecollection.git"
      codebundleDirectory: "azure-aks-triage"
      type: "runbook"
      configProvided:
        TIME_PERIOD_MINUTES: "120"
        DEBUG_MODE: "true"
```

--------------------------------

### Run Renovate Locally

Source: https://github.com/runwhen-contrib/runwhen-local/blob/main/RENOVATE.md

Install the Renovate CLI globally and run it locally for debugging or manual execution. Ensure you provide a GitHub token with appropriate permissions.

```bash
npm install -g renovate
renovate --token $GITHUB_TOKEN --platform github --log-level debug
```

--------------------------------

### Install RunWhen Local Helm Chart with Upload Enabled

Source: https://github.com/runwhen-contrib/runwhen-local/blob/main/docs/installation/kubernetes_self_hosted_runner/README.md

Install or upgrade the RunWhen Local Helm chart, enabling the self-hosted runner and configuring it to use a provided secret for upload information. Be sure to merge these settings with your existing values.yaml.

```bash
helm install runwhen-local runwhen-contrib/runwhen-local \
  --set workspaceName=$workspace \
  --set runner.enabled=true \
  --set runwhenLocal.uploadInfo.secretProvided.enabled=true \
  --set runwhenLocal.uploadInfo.secretProvided.secretName=uploadinfo \
  --set runwhenLocal.uploadInfo.secretProvided.secretKey=uploadInfo.yaml \
  --set runwhenLocal.uploadInfo.secretProvided.secretPath=uploadInfo.yaml \
  --set runwhenLocal.autoRun.uploadEnabled=true \
  -n $namespace
```

--------------------------------

### Install RunWhen Local with Docker

Source: https://github.com/runwhen-contrib/runwhen-local/blob/main/README.md

Use this command to pull the latest RunWhen Local Docker image and run it with volume mounts for configuration and output.

```bash
# Pull the latest image
docker pull ghcr.io/runwhen-contrib/runwhen-local:latest

# Run with volume mounts for configuration and output
docker run -it --rm \
  -v $(pwd)/workspaceInfo.yaml:/shared/workspaceInfo.yaml \
  -v $(pwd)/kubeconfig:/shared/kubeconfig \
  -v $(pwd)/output:/shared/output \
  ghcr.io/runwhen-contrib/runwhen-local:latest
```

--------------------------------

### Basic Multi-Context Setup with Global Namespace LODs

Source: https://github.com/runwhen-contrib/runwhen-local/blob/main/docs/kubernetes-lod-configuration.md

Configure multiple Kubernetes contexts with a global default LOD and specific global namespace LOD rules. This setup ensures that certain namespaces like 'backend-services' and 'frontend-services' always have 'detailed' discovery, while others like 'monitoring' have 'basic' discovery, overriding context-specific defaults.

```yaml
workspaceName: "multi-cluster-production"
workspaceOwnerEmail: platform@example.com
defaultLocation: location-01
defaultLOD: none  # Disable discovery by default

cloudConfig:
  kubernetes:
    kubeconfigFile: /shared/kubeconfig
    inClusterAuth: false

    # Context-specific defaults
    contexts:
      prod-cluster-01:
        defaultNamespaceLOD: none
      prod-cluster-02:
        defaultNamespaceLOD: none
      staging-cluster-01:
        defaultNamespaceLOD: basic

    # Global namespace rules (applied across all contexts)
    namespaceLODs:
      backend-services: "detailed"
      frontend-services: "detailed"
      monitoring: "basic"
```

--------------------------------

### Example Per-Table Statistics Output

Source: https://github.com/runwhen-contrib/runwhen-local/blob/main/docs/workspace-generation-statistics.md

This is an example of the detailed per-table statistics logged when CloudQuery debug logging is enabled. It shows the number of resources discovered, added, and skipped for each table.

```text
DEBUG: Table azure_compute_virtual_machines: discovered=45, added=43, skipped=2
DEBUG: Table azure_storage_accounts: discovered=12, added=12, skipped=0
DEBUG: Table azure_network_virtual_networks: discovered=8, added=8, skipped=0
```

--------------------------------

### Download Kubeconfig Generation Script

Source: https://github.com/runwhen-contrib/runwhen-local/blob/main/docs/installation/getting_started-running_locally.md

Fetches the script to generate a kubeconfig suitable for RunWhen Local. Ensure you have `curl` installed.

```bash
curl -o- https://raw.githubusercontent.com/runwhen-contrib/runwhen-local/main/deploy/scripts/gen_rw_kubeconfig.sh > gen_rw_kubeconfig.sh
```

--------------------------------

### Kubernetes Resource Types Examples

Source: https://github.com/runwhen-contrib/runwhen-local/blob/main/generation-rules-guide.md

Lists common Kubernetes resource types that can be used with RunWhen Local, corresponding to CloudQuery table schema names.

```yaml
# Kubernetes - Examples from CloudQuery Kubernetes plugin
resourceTypes:
  - pod                 # k8s_core_pods
  - service             # k8s_core_services
  - deployment          # k8s_apps_deployments
  - namespace           # k8s_core_namespaces
  - configmap           # k8s_core_config_maps
  - secret              # k8s_core_secrets
  - ingress             # k8s_networking_ingresses
  - persistent_volume   # k8s_core_persistent_volumes
  - statefulset         # k8s_apps_stateful_sets
```

--------------------------------

### Build RunWhen Local Docker Image

Source: https://github.com/runwhen-contrib/runwhen-local/blob/main/docs/Development.md

Builds the Docker image for RunWhen Local. Ensure Docker is installed and you are in the repository's root directory.

```bash
# Set and create a working directory
export workdir=~/runwhen-local
mkdir -p $workdir/shared/output; chmod 777 $workdir/shared/output;

cd src/
docker build -t runwhen-local:test -f Dockerfile .
```

--------------------------------

### Creating a Service Account and Key for RunWhen Local

Source: https://github.com/runwhen-contrib/runwhen-local/blob/main/examples/gcp/README.md

This script creates a new service account, assigns it the 'viewer' role, and generates a JSON key file. Ensure you have the gcloud CLI installed and authenticated.

```bash
export PROJECT_ID="my-project-id"
export KEY_FILE="gcp-service-account-key.json"
export SA_NAME="runwhen-local-sa"

# Create service account
gcloud iam service-accounts create $SA_NAME \
  --description="Service Account for RunWhen Local Discovery" \
  --display-name="RunWhen Local Discovery Service Account" \
  --project=$PROJECT_ID

# Add IAM policy binding
gcloud projects add-iam-policy-binding $PROJECT_ID \
  --member="serviceAccount:$SA_NAME@$PROJECT_ID.iam.gserviceaccount.com" \
  --role="roles/viewer"

# Create and download key
gcloud iam service-accounts keys create $KEY_FILE \
  --iam-account=$SA_NAME@$PROJECT_ID.iam.gserviceaccount.com \
  --project=$PROJECT_ID
```

--------------------------------

### Helm Installation in OpenShift

Source: https://github.com/runwhen-contrib/runwhen-local/blob/main/docs/installation/kubernetes_self_hosted_runner/README.md

Deploy RunWhen Local with the runner in an OpenShift environment. This includes a specific setting for the Kubernetes distribution binary.

```bash
namespace=
workspace=

helm repo add runwhen-contrib https://runwhen-contrib.github.io/helm-charts
helm repo update
helm install runwhen-local runwhen-contrib/runwhen-local \
  --set workspaceName=$workspace \
  --set runwhenLocal.workspaceInfo.configMap.data.custom.kubernetes_distribution_binary=oc \
  --set runner.enabled=true \
  -n $namespace
```

--------------------------------

### Run RunWhen Local with Podman (macOS amd64)

Source: https://github.com/runwhen-contrib/runwhen-local/blob/main/docs/installation/getting_started-running_locally.md

Starts the RunWhen Local container using Podman on macOS amd64, mapping the shared volume and exposing the necessary port. This command specifies the platform and uses user namespace remapping.

```bash
podman run --platform=linux/arm64 --name RunWhenLocal -p 8081:8081 -v $workdir/shared:/shared --userns=keep-id:uid=999,gid=999 ghcr.io/runwhen-contrib/runwhen-local:latest
```

--------------------------------

### Leaf Entry Rule Example

Source: https://github.com/runwhen-contrib/runwhen-local/blob/main/docs/tag-hierarchy-contract.md

Demonstrates the mandatory rule that the hierarchy always concludes with 'resource_name' as the leaf entry, regardless of qualifiers.

```jinja
- resource_name
```

--------------------------------

### Configure Watched Files with a Config File

Source: https://github.com/runwhen-contrib/runwhen-local/blob/main/docs/configuration/file-watching-configuration.md

Create a `/shared/watch-files.conf` file to specify which files should trigger workspace discovery when changed. Lines starting with '#' and empty lines are ignored.

```bash
# Watch files configuration
# Lines starting with # are ignored (comments)
# Empty lines are ignored

/shared/workspaceInfo.yaml
/shared/uploadInfo.yaml

# Add ConfigMaps or Secrets that should trigger reloads
/shared/my-configmap.yaml
/shared/my-secret.yaml
```

```bash
# In your working directory
cat > shared/watch-files.conf << 'EOF'
# Core configuration files
/shared/workspaceInfo.yaml
/shared/uploadInfo.yaml

# Custom ConfigMaps/Secrets
/shared/database-config.yaml
/shared/api-keys-secret.yaml
EOF
```

--------------------------------

### GCP Resource Types Examples

Source: https://github.com/runwhen-contrib/runwhen-local/blob/main/generation-rules-guide.md

Lists common GCP resource types that can be used with RunWhen Local, corresponding to CloudQuery table schema names.

```yaml
# GCP - Examples from CloudQuery GCP plugin
resourceTypes:
  - compute_instance     # gcp_compute_instances
  - storage_bucket       # gcp_storage_buckets
  - sql_instance         # gcp_sql_instances
  - kubernetes_cluster   # gcp_container_clusters
  - cloud_function       # gcp_cloudfunctions_functions
  - firewall_rule        # gcp_compute_firewall_rules
  - vpc_network          # gcp_compute_networks
```

--------------------------------

### Run RunWhen Local with Podman (macOS x86)

Source: https://github.com/runwhen-contrib/runwhen-local/blob/main/docs/installation/getting_started-running_locally.md

Starts the RunWhen Local container using Podman on macOS x86, mapping the shared volume and exposing the necessary port. This command uses user namespace remapping.

```bash
podman run --name RunWhenLocal -p 8081:8081 -v $workdir/shared:/shared --userns=keep-id:uid=999,gid=999 ghcr.io/runwhen-contrib/runwhen-local:latest
```

--------------------------------

### Migrate from Context-only Configuration to namespaceLODs

Source: https://github.com/runwhen-contrib/runwhen-local/blob/main/docs/aks-namespacelods-support.md

Example of migrating a configuration from using context-specific `defaultNamespaceLOD` to the unified `kubernetes.namespaceLODs` structure. The `defaultNamespaceLOD` in `contexts` now serves as a fallback for namespaces not explicitly defined in `namespaceLODs`.

```yaml
kubernetes:
  contexts:
    my-aks-cluster:
      defaultNamespaceLOD: basic  # Same LOD for all namespaces
```

```yaml
kubernetes:
  namespaceLODs:
    production: "detailed"
    staging: "basic"
    kube-system: "none"
  contexts:
    my-aks-cluster:
      defaultNamespaceLOD: basic  # Fallback for unlisted namespaces
```

--------------------------------

### Helm Deploy for EKS Fargate

Source: https://github.com/runwhen-contrib/runwhen-local/blob/main/docs/installation/kubernetes_standalone.md

Recommended Helm installation command for EKS Fargate deployments, as it specifically addresses Kubernetes resource requests for node provisioning.

```bash
helm install runwhen-local runwhen-contrib/runwhen-local \
  -n $namespace \
  --set resources.requests.memory="1Gi" \
  --set resources.requests.cpu="1"
```

--------------------------------

### Image List Structure Example

Source: https://github.com/runwhen-contrib/runwhen-local/blob/main/deploy/scripts/registry-sync/README.md

Defines the expected JSON structure for image lists used by the script, mapping repository images to their destination and Helm keys.

```json
[
  {
    "repository_image": "ghcr.io/runwhen-contrib/runwhen-local",
    "destination": "runwhen/runwhen-local",
    "helm_key": "runwhenLocal"
  }
]
```

--------------------------------

### Azure Resource Types Examples

Source: https://github.com/runwhen-contrib/runwhen-local/blob/main/generation-rules-guide.md

Lists common Azure resource types that can be used with RunWhen Local, corresponding to CloudQuery table schema names.

```yaml
# Azure - Examples from CloudQuery Azure plugin
resourceTypes:
  - resource_group           # azure_resources_resource_groups
  - virtual_machine          # azure_compute_virtual_machines
  - storage_account          # azure_storage_accounts
  - app_service              # azure_web_apps
  - sql_database             # azure_sql_databases
  - key_vault                # azure_keyvault_vaults
  - network_security_group   # azure_network_security_groups
  - virtual_network          # azure_network_virtual_networks
  - load_balancer            # azure_network_load_balancers
```

--------------------------------

### Default File Watching Configuration

Source: https://github.com/runwhen-contrib/runwhen-local/blob/main/docs/configuration/file-watching-configuration.md

This configuration uses the default file watching behavior, which includes 'workspaceInfo.yaml' and 'uploadInfo.yaml'. No explicit configuration is needed for this default setup.

```bash
# No configuration needed - uses defaults
# Watches: workspaceInfo.yaml, uploadInfo.yaml
```

--------------------------------

### Robot Framework Basic Service Account Authentication

Source: https://github.com/runwhen-contrib/runwhen-local/blob/main/docs/cloud-discovery-configuration/google-cloud-platform-expanded.md

Example Robot Framework test case demonstrating how to import GCP service account credentials and use `kubectl` to interact with an authenticated GKE cluster.

```robotframework
*** Settings ***
Library    RW.Core

*** Test Cases ***
GCP Service Account Example
    # Import required secrets
    Import Secret    gcp_projectId
    Import Secret    gcp_serviceAccountKey
    Import Secret    my_gke_kubeconfig

    # Use kubectl with authenticated cluster
    Shell    kubectl get nodes
    Shell    kubectl get pods --all-namespaces
```

--------------------------------

### AWS Resource Types Examples

Source: https://github.com/runwhen-contrib/runwhen-local/blob/main/generation-rules-guide.md

Lists common AWS resource types that can be used with RunWhen Local, corresponding to CloudQuery table schema names.

```yaml
# AWS - Examples from CloudQuery AWS plugin
resourceTypes:
  - ec2_instance           # aws_ec2_instances
  - s3_bucket              # aws_s3_buckets
  - rds_instance           # aws_rds_instances
  - lambda_function        # aws_lambda_functions
  - vpc                    # aws_ec2_vpcs
  - security_group         # aws_ec2_security_groups
  - iam_role               # aws_iam_roles
  - cloudformation_stack   # aws_cloudformation_stacks
  - elb_load_balancer      # aws_elbv2_load_balancers
```

--------------------------------

### Kubernetes Deployment Configuration

Source: https://github.com/runwhen-contrib/runwhen-local/blob/main/docs/configuration/file-watching-configuration.md

Deploy RunWhen Local using Kubernetes, defining watched files in a ConfigMap and mounting it into the deployment. This example uses a ConfigMap for watch files and a persistent volume claim for shared data.

```yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: watch-config
data:
  watch-files.conf: |
    /shared/workspaceInfo.yaml
    /shared/uploadInfo.yaml
    /shared/database-config
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: runwhen-local
spec:
  template:
    spec:
      containers:
        - name: runwhen-local
          image: runwhen-local:latest
          env:
            - name: AUTORUN_WORKSPACE_BUILDER_INTERVAL
              value: "300"
          volumeMounts:
            - name: shared
              mountPath: /shared
            - name: watch-config
              mountPath: /shared/watch-files.conf
              subPath: watch-files.conf
      volumes:
        - name: shared
          persistentVolumeClaim:
            claimName: runwhen-shared
        - name: watch-config
          configMap:
            name: watch-config
```

--------------------------------

### Kubernetes-Only Discovery Workspace Configuration

Source: https://github.com/runwhen-contrib/runwhen-local/blob/main/README.md

Example configuration for a workspace focused solely on Kubernetes discovery. It specifies Kubernetes-specific settings like kubeconfig path and namespace levels of detail.

```yaml
workspaceName: "kubernetes-prod"
workspaceOwnerEmail: "admin@company.com"
defaultLocation: "location-01"
defaultLOD: "detailed"

cloudConfig:
  kubernetes:
    kubeconfigFile: "/shared/kubeconfig"
    namespaceLODs:
      production: "detailed"
      staging: "basic"
      kube-system: "none"
      kube-public: "none"
      kube-node-lease: "none"

codeCollections:
  - repoURL: "https://github.com/runwhen-contrib/rw-cli-codecollection.git"
    branch: "main"

custom:
  kubernetes_distribution_binary: "kubectl"
  cloud_provider: "none"
```

--------------------------------

### Complex Multi-Context Workspace Configuration

Source: https://github.com/runwhen-contrib/runwhen-local/blob/main/docs/kubernetes-lod-configuration.md

A comprehensive workspace configuration demonstrating multi-cluster setups, shared namespace rules, and context-specific defaults. It includes global namespace LODs, context-specific defaults, and exclusions.

```yaml
workspaceName: "enterprise-platform"
workspaceOwnerEmail: sre@enterprise.com
defaultLocation: us-east-1
defaultLOD: detailed

cloudConfig:
  kubernetes:
    kubeconfigFile: /shared/multi-cluster.kubeconfig
    inClusterAuth: false
    excludeLabels:
      type:
        - "croncoderun"
        - "coderun"

    contexts:
      # Production clusters - restrictive by default
      prod-us-east-cluster:
        defaultNamespaceLOD: none
      prod-us-west-cluster:
        defaultNamespaceLOD: none
      prod-eu-cluster:
        defaultNamespaceLOD: none

      # Staging clusters - more permissive
      staging-us-cluster:
        defaultNamespaceLOD: basic
        namespaceLODs:
          test-namespace: "detailed"  # Extra detail for testing

      # Development clusters - full discovery
      dev-cluster:
        defaultNamespaceLOD: detailed

    # Global namespace rules across all clusters
    namespaceLODs:
      # Critical production services (detailed everywhere)
      backend-services: "detailed"
      frontend-services: "detailed"
      payment-processing: "detailed"
      user-authentication: "detailed"

      # Infrastructure services (basic everywhere)
      ingress-nginx: "basic"
      cert-manager: "basic"
      external-dns: "basic"

      # Monitoring/observability (detailed everywhere)
      prometheus: "detailed"
      grafana: "detailed"
      loki: "detailed"

      # CI/CD (basic everywhere)
      gitlab: "basic"
      argocd: "basic"
      flux-system: "basic"

      # Never discover these
      kube-system: "none"
      kube-public: "none"
      kube-node-lease: "none"

codeCollections: []

custom:
  kubernetes_distribution_binary: kubectl
```

--------------------------------

### Prepare and Run Kubeconfig Generation Script

Source: https://github.com/runwhen-contrib/runwhen-local/blob/main/docs/installation/getting_started-running_locally.md

Makes the downloaded script executable and then runs it to create a new kubeconfig file. This script uses `yq` and `jq`.

```bash
chmod +x gen_rw_kubeconfig.sh
./gen_rw_kubeconfig.sh
```

--------------------------------

### Upload Configuration via CLI

Source: https://github.com/runwhen-contrib/runwhen-local/blob/main/docs/user-guide/features/upload-to-runwhen-platform.md

Execute the discovery process with the `--upload` flag to upload configuration to the RunWhen Platform. Use the `-e WB_DEBUG_SUPPRESS_CHEAT_SHEET="true"` option to skip cheat sheet rendering and speed up the process.

```bash
docker exec -w /workspace-builder -e WB_DEBUG_SUPPRESS_CHEAT_SHEET="true" -- RunWhenLocal ./run.sh --upload
```

--------------------------------

### Custom Credential Key Override Example

Source: https://github.com/runwhen-contrib/runwhen-local/blob/main/docs/cloud-discovery-configuration/aws-workspace-key-reference.md

Example of providing AWS credentials using a custom workspaceKey pattern.

```yaml
secretsProvided:
  - name: aws_credentials
    workspaceKey: "my:custom@pattern"
```

--------------------------------

### Create Workspace and Output Directory (OpenShift)

Source: https://github.com/runwhen-contrib/runwhen-local/blob/main/docs/installation/getting_started-running_locally.md

Prepare the shared directory and output folder for OpenShift. Sets output directory permissions to 777 for container write access and creates the workspaceInfo.yaml file.

```bash
mkdir -p $workdir/shared/output

# The output directory needs to be written to from the container image:
chmod 777 $workdir/shared/output

# Write the workspace configuration with a here-document
cat <<EOF > $workdir/shared/workspaceInfo.yaml
defaultLocation: none
workspaceOwnerEmail: tester@my-company.com
# More workspace config
# Default Level of Detail(LOD): none, basic, or detailed
# https://docs.runwhen.com/public/v/runwhen-local/user-guide/user_guide-advanced_configuration/workspaceinfo-customization/level-of-detail
defaultLOD: detailed
cloudConfig:
  kubernetes:
    kubeconfigFile: /shared/kubeconfig
    namespaceLODs:
      kube-system: 0
      kube-public: 0
      kube-node-lease: 0
codeCollections: []
custom:
  # Note: Most of these are simple keys, such as the name of a secret that
  # should be referenced from the platform. The secret itself (key and value)
  # must be created in the RunWhen Platform by the user. We do not upload
  # or configure secrets automatically.
  # The default for kubeconfig_secret_name is set to a secret that runwhenLocal
  # creates for the use of the runner. This can be simply swapped out with the
  # name of a secret that is stored in the RunWhen Platform.
  kubeconfig_secret_name: kubeconfig
  kubernetes_distribution_binary: kubectl
EOF
```

--------------------------------

### Registry Sync Script Usage

Source: https://github.com/runwhen-contrib/runwhen-local/blob/main/deploy/scripts/registry-sync/README.md

Demonstrates how to source configuration and execute the registry synchronization script. Ensure AWS credentials and necessary tools are configured.

```bash
source aws_ecr_example_config.sh
./sync_with_aws_ecr.sh
```

--------------------------------

### Run RunWhen Local with Podman (Linux with SELinux)

Source: https://github.com/runwhen-contrib/runwhen-local/blob/main/docs/installation/getting_started-running_locally.md

Starts the RunWhen Local container using Podman on Linux with SELinux enabled. It maps the shared volume, exposes the port, disables SELinux label separation (`--security-opt label=disable`) so the container can access the volume, and uses user namespace remapping.

```bash
podman run --platform=linux/arm64 --name RunWhenLocal -p 8081:8081 \
  -v $workdir/shared:/shared \
  --security-opt label=disable \
  --userns=keep-id:uid=999,gid=999 \
  ghcr.io/runwhen-contrib/runwhen-local:latest
```

--------------------------------

### Create GCP Service Account and Key

Source: https://github.com/runwhen-contrib/runwhen-local/blob/main/docs/cloud-discovery-configuration/google-cloud-platform-1.md

Use the gcloud CLI to create a service account, grant it the viewer role, and generate a JSON key file for authentication.

```bash
export PROJECT_ID=[project-id]
export KEY_FILE=GCPServiceAccountKeyWorkspaceBuilder.json
export SA_NAME=runwhen-local-sa

gcloud iam service-accounts create $SA_NAME \
  --description="Service Account for RunWhen Discovery" \
  --display-name="RunWhen Discovery Service Account"

gcloud projects add-iam-policy-binding $PROJECT_ID \
  --member="serviceAccount:$SA_NAME@$PROJECT_ID.iam.gserviceaccount.com" \
  --role="roles/viewer"

gcloud iam service-accounts keys create $KEY_FILE \
  --iam-account=$SA_NAME@$PROJECT_ID.iam.gserviceaccount.com
```

--------------------------------

### Basic Resource Type Specifications

Source: https://github.com/runwhen-contrib/runwhen-local/blob/main/generation-rules-guide.md

Illustrates how to specify resource types, including simple names, platform-prefixed names, and cross-platform names.

```yaml
resourceTypes:
  - resource_group        # Simple name
  - azure:resource_group  # Platform-prefixed
  - kubernetes:pod        # Cross-platform
```

--------------------------------

### Override Processing Start Log Message

Source: https://github.com/runwhen-contrib/runwhen-local/blob/main/docs/configProvided-overrides-troubleshooting.md

This log message indicates the start of the override checking process for a specific configuration. It shows the repository URL, code bundle directory, and type being evaluated.

```log
[INFO] enrichers.generation_rules: Checking overrides for: repo_url='...', codebundle_dir='...', type='...'
```

--------------------------------

### Run with Full Debug Logging

Source: https://github.com/runwhen-contrib/runwhen-local/blob/main/docs/cloudquery-debug-logging.md

Enable all debug logs, including general, Azure SDK, and CloudQuery, for maximum verbosity.

```bash
# See all debug logs (very verbose!)
DEBUG_LOGGING=true CQ_DEBUG=true ./run.sh
```

--------------------------------

### Create Workspace and Output Directory (Kubernetes/GKE)

Source: https://github.com/runwhen-contrib/runwhen-local/blob/main/docs/installation/getting_started-running_locally.md

Prepare the shared directory and output folder for Kubernetes/GKE. Recursively sets the shared directory, which contains the output folder, to mode 777 for container write access and creates the workspaceInfo.yaml file.

```bash
mkdir -p $workdir/shared/output

# Set the shared directory (including output) to 777, recursively, so that
# the runwhen container user can write out the configuration files:
chmod -R 777 $workdir/shared

# Write the workspace configuration with a here-document
cat <<EOF > $workdir/shared/workspaceInfo.yaml
defaultLocation: none
workspaceOwnerEmail: tester@my-company.com
# More workspace config
# Default Level of Detail(LOD): none, basic, or detailed
# https://docs.runwhen.com/public/v/runwhen-local/user-guide/user_guide-advanced_configuration/workspaceinfo-customization/level-of-detail
defaultLOD: detailed
cloudConfig:
  kubernetes:
    kubeconfigFile: /shared/kubeconfig
    namespaceLODs:
      kube-system: 0
      kube-public: 0
      kube-node-lease: 0
codeCollections: []
custom:
  # Note: Most of these are simple keys, such as the name of a secret that
  # should be referenced from the platform. The secret itself (key and value)
  # must be created in the RunWhen Platform by the user. We do not upload
  # or configure secrets automatically.
  # The default for kubeconfig_secret_name is set to a secret that runwhenLocal
  # creates for the use of the runner. This can be simply swapped out with the
  # name of a secret that is stored in the RunWhen Platform.
  kubeconfig_secret_name: kubeconfig
  kubernetes_distribution_binary: kubectl
EOF

chmod 655 $workdir/shared/workspaceInfo.yaml
```

--------------------------------

### Example Azure DevOps Resource with Organization Attribute

Source: https://github.com/runwhen-contrib/runwhen-local/blob/main/examples/azure-devops/README.md

This YAML snippet shows an example of a repository resource, including its ID, name, organization, project, qualified name, remote URL, size, and API URL. The 'organization' attribute is highlighted for multi-organization support and organization-specific rules.

```yaml
your-organization/your-project/your-repository: !Resource
  id: abc123ef-1234-5678-9abc-def123456789
  name: your-repository
  organization: your-organization
  project: !Resource { ... }
  qualified_name: your-organization/your-project/your-repository
  remote_url: https://your-organization@dev.azure.com/your-organization/your-project/_git/your-repository
  size: 188
  url: https://dev.azure.com/your-organization/12345678-1234-5678-9abc-def123456789/_apis/git/repositories/abc123ef-1234-5678-9abc-def123456789
```

--------------------------------

### Deploy RunWhen Local with Manifests

Source: https://github.com/runwhen-contrib/runwhen-local/blob/main/docs/installation/kubernetes_standalone.md

Use these commands to deploy RunWhen Local using the all-in-one.yaml manifest. Customize the namespace and kubeconfig path as needed. This involves creating a namespace, a kubeconfig secret, and applying the main deployment manifest.

```bash
# Customize the namespace name and path to kubeconfig as desired
namespace=runwhen-local
kubeconfig_path=~/runwhen-local/shared/kubeconfig

# Create the namespace
kubectl create ns $namespace

# Create the kubeconfig secret
kubectl create secret generic runwhen-local-kubeconfig --from-file=kubeconfig=$kubeconfig_path -n $namespace

# Create the deployment, service, and configmap
kubectl apply -f https://raw.githubusercontent.com/runwhen-contrib/runwhen-local/main/deploy/kubernetes/all-in-one.yaml -n $namespace
```

--------------------------------

### Custom AWS Credentials Secret Reference

Source: https://github.com/runwhen-contrib/runwhen-local/blob/main/docs/cloud-discovery-configuration/aws-workspace-key-reference.md

Example of referencing a custom AWS credentials secret defined in workspaceInfo.yaml.

```yaml
# In workspaceInfo.yaml
custom:
  aws_credentials_secret_name: prod-aws-creds

# Generated workspaceKey
k8s:file@secret/prod-aws-creds:awsAccessKeyId
```

--------------------------------

### Get Kubernetes Pod Logs

Source: https://github.com/runwhen-contrib/runwhen-local/blob/main/docs/User_Guide-Stuck_Read_This.md

Retrieve logs from a specific pod in a Kubernetes namespace using kubectl for debugging.

```bash
$ kubectl logs -f [pod-name] -n [namespace]
```

--------------------------------

### Prepare and Execute Registry Sync Script

Source: https://github.com/runwhen-contrib/runwhen-local/blob/main/deploy/scripts/registry-sync/README.md

Ensure registry access is authenticated and the script is executable. Run the script to synchronize container images to your specified private registry.

```bash
az acr login --name myContainerRegistry
chmod +x sync_with_az_import.sh
```

--------------------------------

### Quick Test Script for RunWhen Local

Source: https://github.com/runwhen-contrib/runwhen-local/blob/main/docs/Development.md

A comprehensive script for cleaning up, rebuilding the container, and running discovery with verbose output.
Requires workdir, kubeconfig, and workspaceInfo.yaml to be set.

```bash
#!/bin/bash
# Only proceed when $workdir is set, so the rm -rf below never runs on an empty path
if [[ "$workdir" ]]; then
  # The docker build paths below are relative to $workdir, so stop if cd fails
  cd "$workdir" || exit 1
  echo "Kill and remove RunWhenLocal Container"
  docker kill RunWhenLocal; docker rm RunWhenLocal
  echo "Removing shared output dir"
  sudo rm -rf "$workdir/shared/output"
  echo "Creating clean shared output dir"
  mkdir "$workdir/shared/output"
  chmod 777 "$workdir/shared/output"
  echo "rebuild image"
  docker build -t runwhen-local:test -f ../runwhen-local/src/Dockerfile ../runwhen-local/src/
  echo "Running RunWhenLocal container"
  docker run --name RunWhenLocal -p 8081:8081 -v "$workdir/shared:/shared" -d runwhen-local:test
  sleep 5
  echo "Running discovery"
  docker exec -w /workspace-builder -- RunWhenLocal ./run.sh --verbose
else
  echo "workdir variable/path not set"
fi
```

--------------------------------

### Run Registry Sync Script

Source: https://github.com/runwhen-contrib/runwhen-local/blob/main/deploy/scripts/registry-sync/AWS_ECS_README.md

Source your configuration file and execute the sync script to synchronize images with AWS ECR.

```bash
source my_config.sh
./sync_with_aws_ecr.sh
```

--------------------------------

### Discovered AWS Auth Secret Reference

Source: https://github.com/runwhen-contrib/runwhen-local/blob/main/docs/cloud-discovery-configuration/aws-workspace-key-reference.md

Example of referencing an AWS authentication secret discovered during indexing, as defined in cloudConfig.

```yaml
# In cloudConfig
cloudConfig:
  aws:
    awsSecretName: dev-credentials

# Generated workspaceKey
k8s:file@secret/dev-credentials:awsAccessKeyId
```

--------------------------------

### Get AWS IAM Role Details

Source: https://github.com/runwhen-contrib/runwhen-local/blob/main/docs/cloud-discovery-configuration/amazon-web-services.md

Retrieve details about an AWS IAM role, useful for verifying its existence and configuration.

```bash
aws iam get-role --role-name RunWhenDiscoveryRole
```

--------------------------------

### Run with Minimal Logging

Source: https://github.com/runwhen-contrib/runwhen-local/blob/main/docs/cloudquery-debug-logging.md

Execute the run script with default settings for minimal logging.

```bash
# Neither variable set - minimal logging
./run.sh
```

--------------------------------

### Customize Namespace and Kubeconfig Path

Source: https://github.com/runwhen-contrib/runwhen-local/blob/main/docs/installation/kubernetes_standalone.md

Set the desired namespace and the path to your kubeconfig file before installing the RunWhen Local Helm chart.

```bash
namespace=runwhen-local
workspace=[my-runwhen-workspace]
```

--------------------------------

### Run with General Debug Logging

Source: https://github.com/runwhen-contrib/runwhen-local/blob/main/docs/cloudquery-debug-logging.md

Enable general debug logs and Azure SDK logs without CloudQuery's verbose output.

```bash
# See general debug logs and Azure SDK logs, but not CloudQuery verbose output
DEBUG_LOGGING=true ./run.sh
```

--------------------------------

### Get AWS Account ID

Source: https://github.com/runwhen-contrib/runwhen-local/blob/main/docs/plans/aws-authentication-enhancement-plan.md

Retrieves the AWS account ID associated with the current session. Returns None if an error occurs.

```python
import logging
from typing import Optional

import boto3

logger = logging.getLogger(__name__)

def get_account_id(session: boto3.Session) -> Optional[str]:
    """Get the AWS account ID for the current session, or None on error."""
    try:
        sts = session.client('sts')
        identity = sts.get_caller_identity()
        return identity['Account']
    except Exception as e:
        logger.error(f"Failed to get AWS account ID: {e}")
        return None
```

--------------------------------

### Execute run.sh with Verbosity

Source: https://github.com/runwhen-contrib/runwhen-local/blob/main/docs/User_Guide-Stuck_Read_This.md

Use the --verbose flag with the run.sh command inside the container to get more detailed output for debugging.

```bash
$ docker exec -w /workspace-builder -- RunWhenLocal ./run.sh --verbose
```

--------------------------------

### Helm Deploy with Built-in Terminal Enabled

Source: https://github.com/runwhen-contrib/runwhen-local/blob/main/docs/installation/kubernetes_standalone.md

Command to enable the built-in terminal during Helm installation. The terminal is disabled by default for security reasons.

```bash
helm install runwhen-local runwhen-contrib/runwhen-local \
  -n $namespace \
  --set terminal.disabled=false
```

--------------------------------

### Generic 500 Error Log Example

Source: https://github.com/runwhen-contrib/runwhen-local/blob/main/docs/User_Guide-Stuck_Read_This.md

This log entry indicates a generic internal server error, often related to authentication issues.

```text
Resetting neo4j models
Internal Server Error: /run/
[26/Jul/2023 22:30:03] "POST /run/ HTTP/1.1" 500 9619
```

--------------------------------

### Start Restrictive LOD Configuration

Source: https://github.com/runwhen-contrib/runwhen-local/blob/main/docs/kubernetes-lod-configuration.md

Set the default LOD to 'none' for all namespaces and then selectively enable 'detailed' LOD for specific critical applications.

```yaml
contexts:
  prod-cluster:
    defaultNamespaceLOD: none  # Disable by default
    namespaceLODs:
      critical-app: "detailed"  # Enable only what you need
```

--------------------------------

### Get AWS Account Alias

Source: https://github.com/runwhen-contrib/runwhen-local/blob/main/docs/plans/aws-authentication-enhancement-plan.md

Retrieves the AWS account alias for the current session. Returns None if no alias is set or an error occurs.

```python
import logging
from typing import Optional

import boto3

logger = logging.getLogger(__name__)

def get_account_alias(session: boto3.Session) -> Optional[str]:
    """Get the AWS account alias for the current session."""
    try:
        iam = session.client('iam')
        aliases = iam.list_account_aliases()
        # An account has at most one alias; return it when present
        if aliases['AccountAliases']:
            return aliases['AccountAliases'][0]
        return None
    except Exception as e:
        logger.warning(f"Failed to get AWS account alias: {e}")
        return None
```

--------------------------------

### YAML Configuration After Override

Source: https://github.com/runwhen-contrib/runwhen-local/blob/main/docs/configProvided-overrides.md

Illustrates the configuration values after overrides have been successfully applied.

```yaml
configProvided:
  - name: TIME_PERIOD_MINUTES
    value: "custom-runbook-value"
  - name: AZURE_SUBSCRIPTION_NAME
    value: "custom-subscription-name"
```

--------------------------------

### Test AWS CLI Credentials

Source: https://github.com/runwhen-contrib/runwhen-local/blob/main/docs/cloud-discovery-configuration/amazon-web-services.md

Verify your AWS CLI credentials and region are correctly configured by testing your ability to get caller identity.

```bash
# Test with AWS CLI
aws sts get-caller-identity --region us-east-1
```

--------------------------------

### Discovering Available Resource Types from Resource Dump

Source: https://github.com/runwhen-contrib/runwhen-local/blob/main/generation-rules-guide.md

Shows how to inspect a resource dump to identify available resource types for a given platform.

```yaml
# Resource dump structure shows available resource types
platforms:
  azure: !Platform
    resourceTypes:
      resource_group: !ResourceType  # <- This is the resource type name to use
        instances: {...}
      virtual_machine: !ResourceType  # <- Another available resource type
        instances: {...}
```

--------------------------------

### Basic Workspace Configuration (workspaceInfo.yaml)

Source: https://github.com/runwhen-contrib/runwhen-local/blob/main/README.md

Defines the fundamental settings for a runwhen-local workspace, including name, owner, default location, and cloud provider configurations. Ensure paths and IDs are correctly set for your environment.

```yaml
# Basic workspaceInfo.yaml structure
workspaceName: "my-workspace"
workspaceOwnerEmail: "admin@company.com"
defaultLocation: "location-01"
defaultLOD: "detailed"  # Level of detail: "none", "basic", or "detailed"

# Cloud configuration
cloudConfig:
  kubernetes:
    kubeconfigFile: "/shared/kubeconfig"
    namespaceLODs:
      kube-system: "none"
      kube-public: "none"
      kube-node-lease: "none"
  # Optional: Azure configuration
  azure:
    subscriptionId: "your-subscription-id"
    tenantId: "your-tenant-id"
    clientId: "your-client-id"
    clientSecret: "your-client-secret"

# Code collections - external repositories with runbooks/SLIs
codeCollections:
  - repoURL: "https://github.com/runwhen-contrib/rw-cli-codecollection.git"
    branch: "main"

# Custom variables for generation rules
custom:
  kubernetes_distribution_binary: "kubectl"
  cloud_provider: "none"
```

--------------------------------

### Context-Specific LOD Overrides

Source: https://github.com/runwhen-contrib/runwhen-local/blob/main/docs/kubernetes-lod-configuration.md

Use per-context namespace LODs to define different behaviors across clusters. This example disables 'debug-tools' in 'prod-cluster' while enabling it in 'dev-cluster'.

```yaml
contexts:
  prod-cluster:
    namespaceLODs:
      debug-tools: "none"  # Disable in prod only
  dev-cluster:
    namespaceLODs:
      debug-tools: "detailed"  # Enable in dev only
```